A tool downloaded 27,000 times from PyPI contained code that silently exfiltrated users' OpenAI refresh tokens. The attack surface here is the implicit trust placed in popular packages; popularity ≠ audit. A concrete reminder that supply chain attacks also target the AI ecosystem. #infosec #supplychain #OpenAI
https://hackread.com/codex-ui-tool-secretly-stole-openai-refresh-tokens/
27,000-Download Codex UI Tool Secretly Stole OpenAI Refresh Tokens

A malicious Codex UI npm package with 27,000 weekly downloads was caught exfiltrating OpenAI refresh tokens, exposing developers to account takeover risks.

Hackread - Cybersecurity News, Data Breaches, AI and More
China Ningbo International Auto Parts and Aftermarket Fair 2026 | Auto

Register now to explore China Ningbo International Auto Parts and Aftermarket Fair 2026, an export-focused auto parts trade show in Ningbo, China, from August 12–14, 2026, for importers, exporters, o

China Business Forum

Supply Chain Attack Exploits Hugging Face for Malware Distribution and Data Exfiltration

MicrosoftSystem64 is a cross-platform malware built as a Node.js Single Executable Application. It steals credentials, crypto wallets, SSH keys and Telegram sessions, exfiltrating data to attacker-controlled HuggingFace datasets. Originating from a malicious npm package in April 2026, it utilizes embedded runtimes to evade detection.

Pulse ID: 6a1c2fc0a63cda655beac722
Pulse Link: https://otx.alienvault.com/pulse/6a1c2fc0a63cda655beac722
Pulse Author: cryptocti
Created: 2026-05-31 12:55:28

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #HuggingFace #InfoSec #Malware #Microsoft #NPM #Nodejs #OTX #OpenThreatExchange #RAT #SSH #SupplyChain #Telegram #Troll #bot #cryptocti

LevelBlue - Open Threat Exchange

Warning about malware resulting from supply chain attacks

CISA is currently warning about the recently observed supply chain attacks on TanStack, Daemon Tools and Nx Console, which distributed malware.

heise online

A single 30-second video ad served to roughly 2.4 million viewers can generate around 12 tonnes of CO₂ - and it does not appear in campaign reports.

Every ad served generates a carbon cost that most measurement tools miss: bid requests, redirects and verification calls triggered by programmatic ads even before the ad is loaded, as well as the calls needed to serve and display it.

Read the article: https://lumotraq.com/frameworks-and-standards

#carbonemissions #supplychain
#adtech

https://www.youtube.com/watch?v=KRnno9VIZx0

> Microsoft revokes Office 2019 perpetual licenses, then edits their website to gaslight customers.

Even for #microslop, that's a low move. "We" really need to get the heck out of post-factual American software #softwarevendors and #supplyChain 😊

#microsoft #consumer #corporateGreed #corporatePower

TeamPCP breached GitHub's internal systems via a malicious VS Code extension on a developer's machine, then cloned ~3,800 internal repos.
Customer repos unaffected. Corporate estate: yes.
The attack path: IDE extension → developer device → internal network → mass repo clone.
This is why your development environment is part of your attack surface. The editor is not a safe zone.
#infosec #supplychain #devops #selfhosted

📰 AI Amplifies Supply Chain Threats, Creating New and Complex Cyber Risks

🤖 AI is a double-edged sword for supply chains. While boosting efficiency, it's also creating new attack vectors like model poisoning and prompt injection. Third-party AI tools are a growing risk. #AI #CyberSecurity #SupplyChain #RiskManagement

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/ai-exacerbates-cybersecurity-risks-in-global-supply-chains/?utm_source=mastodon&utm_med…

📰 Massive 'Megalodon' Supply Chain Attack Compromises 5,500+ GitHub Repos to Steal Cloud Credentials

🚨 SUPPLY CHAIN ATTACK: 'Megalodon' hits 5,500+ GitHub repos, injecting malicious Actions to steal AWS, GCP, Azure credentials. CISA has issued a warning. #SupplyChain #GitHub #Infosec

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/megalodon-supply-chain-attack-compromises-over-5500-github-repositories/?utm_source=mastodon&utm_medium=social&utm_campaign=daily

NixOS 26.05 is out. What makes NixOS particularly interesting in an infosec context: reproducible environments and explicitly declared dependencies mechanically reduce certain attack surfaces tied to configuration drift. Not a silver bullet, but a systems approach that deserves attention. #NixOS #infosec #supplychain
https://nixos.org/blog/announcements/2026/nixos-2605/
NixOS 26.05 released | Blog | Nix & NixOS

Nix is a tool that takes a unique approach to package management and system configuration. Learn how to make reproducible, declarative and reliable systems.